forked from ossf/osv-schema
-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Move
schema.json from validation to docs
This allows the JSON schema to be published alongside the rest of the documentation to GitHub pages. The schema will be available at https://ossf.github.io/osv-schema/schema.json. Also created a symlink to the previous repository location of `validation/schema.json` in case anyone is already using that in a `$schema` property Closes ossf#226 Signed-off-by: Jamie Magee <[email protected]>
- Loading branch information
1 parent
acbcc82
commit 0be5288
Showing
2 changed files
with
314 additions
and
313 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,313 @@ | ||
| { | ||
| "$schema": "https://json-schema.org/draft/2020-12/schema", | ||
| "$id": "https://raw.githubusercontent.com/ossf/osv-schema/main/validation/schema.json", | ||
| "title": "Open Source Vulnerability", | ||
| "description": "A schema for describing a vulnerability in an open source package.", | ||
| "type": "object", | ||
| "properties": { | ||
| "schema_version": { | ||
| "type": "string" | ||
| }, | ||
| "id": { | ||
| "type": "string" | ||
| }, | ||
| "modified": { | ||
| "$ref": "#/$defs/timestamp" | ||
| }, | ||
| "published": { | ||
| "$ref": "#/$defs/timestamp" | ||
| }, | ||
| "withdrawn": { | ||
| "$ref": "#/$defs/timestamp" | ||
| }, | ||
| "aliases": { | ||
| "type": ["array", "null"], | ||
| "items": { | ||
| "type": "string" | ||
| } | ||
| }, | ||
| "related": { | ||
| "type": "array", | ||
| "items": { | ||
| "type": "string" | ||
| } | ||
| }, | ||
| "summary": { | ||
| "type": "string" | ||
| }, | ||
| "details": { | ||
| "type": "string" | ||
| }, | ||
| "severity": { | ||
| "$ref": "#/$defs/severity" | ||
| }, | ||
| "affected": { | ||
| "type": ["array", "null"], | ||
| "items": { | ||
| "type": "object", | ||
| "properties": { | ||
| "package": { | ||
| "type": "object", | ||
| "properties": { | ||
| "ecosystem": { | ||
| "type": "string" | ||
| }, | ||
| "name": { | ||
| "type": "string" | ||
| }, | ||
| "purl": { | ||
| "type": "string" | ||
| } | ||
| }, | ||
| "required": [ | ||
| "ecosystem", | ||
| "name" | ||
| ] | ||
| }, | ||
| "severity": { | ||
| "$ref": "#/$defs/severity" | ||
| }, | ||
| "ranges": { | ||
| "type": "array", | ||
| "items": { | ||
| "type": "object", | ||
| "properties": { | ||
| "type": { | ||
| "type": "string", | ||
| "enum": [ | ||
| "GIT", | ||
| "SEMVER", | ||
| "ECOSYSTEM" | ||
| ] | ||
| }, | ||
| "repo": { | ||
| "type": "string" | ||
| }, | ||
| "events": { | ||
| "type": "array", | ||
| "contains": { | ||
| "required": [ | ||
| "introduced" | ||
| ] | ||
| }, | ||
| "items": { | ||
| "type": "object", | ||
| "oneOf": [ | ||
| { | ||
| "type": "object", | ||
| "properties": { | ||
| "introduced": { | ||
| "type": "string" | ||
| } | ||
| }, | ||
| "required": [ | ||
| "introduced" | ||
| ] | ||
| }, | ||
| { | ||
| "type": "object", | ||
| "properties": { | ||
| "fixed": { | ||
| "type": "string" | ||
| } | ||
| }, | ||
| "required": [ | ||
| "fixed" | ||
| ] | ||
| }, | ||
| { | ||
| "type": "object", | ||
| "properties": { | ||
| "last_affected": { | ||
| "type": "string" | ||
| } | ||
| }, | ||
| "required": [ | ||
| "last_affected" | ||
| ] | ||
| }, | ||
| { | ||
| "type": "object", | ||
| "properties": { | ||
| "limit": { | ||
| "type": "string" | ||
| } | ||
| }, | ||
| "required": [ | ||
| "limit" | ||
| ] | ||
| } | ||
| ] | ||
| }, | ||
| "minItems": 1 | ||
| }, | ||
| "database_specific": { | ||
| "type": "object" | ||
| } | ||
| }, | ||
| "allOf": [ | ||
| { | ||
| "if": { | ||
| "properties": { | ||
| "type": { | ||
| "const": "GIT" | ||
| } | ||
| } | ||
| }, | ||
| "then": { | ||
| "required": [ | ||
| "repo" | ||
| ] | ||
| } | ||
| }, | ||
| { | ||
| "if": { | ||
| "properties": { | ||
| "events": { | ||
| "contains": { | ||
| "required": ["last_affected"] | ||
| } | ||
| } | ||
| } | ||
| }, | ||
| "then": { | ||
| "not": { | ||
| "properties": { | ||
| "events": { | ||
| "contains": { | ||
| "required": ["fixed"] | ||
| } | ||
| } | ||
| } | ||
| } | ||
| } | ||
| } | ||
| ], | ||
| "required": [ | ||
| "type", | ||
| "events" | ||
| ] | ||
| } | ||
| }, | ||
| "versions": { | ||
| "type": "array", | ||
| "items": { | ||
| "type": "string" | ||
| } | ||
| }, | ||
| "ecosystem_specific": { | ||
| "type": "object" | ||
| }, | ||
| "database_specific": { | ||
| "type": "object" | ||
| } | ||
| } | ||
| } | ||
| }, | ||
| "references": { | ||
| "type": ["array", "null"], | ||
| "items": { | ||
| "type": "object", | ||
| "properties": { | ||
| "type": { | ||
| "type": "string", | ||
| "enum": [ | ||
| "ADVISORY", | ||
| "ARTICLE", | ||
| "DETECTION", | ||
| "DISCUSSION", | ||
| "REPORT", | ||
| "FIX", | ||
| "INTRODUCED", | ||
| "GIT", | ||
| "PACKAGE", | ||
| "EVIDENCE", | ||
| "WEB" | ||
| ] | ||
| }, | ||
| "url": { | ||
| "type": "string", | ||
| "format": "uri" | ||
| } | ||
| }, | ||
| "required": [ | ||
| "type", | ||
| "url" | ||
| ] | ||
| } | ||
| }, | ||
| "credits": { | ||
| "type": "array", | ||
| "items": { | ||
| "type": "object", | ||
| "properties": { | ||
| "name": { | ||
| "type": "string" | ||
| }, | ||
| "contact": { | ||
| "type": "array", | ||
| "items": { | ||
| "type": "string" | ||
| } | ||
| }, | ||
| "type": { | ||
| "type": "string", | ||
| "enum": [ | ||
| "FINDER", | ||
| "REPORTER", | ||
| "ANALYST", | ||
| "COORDINATOR", | ||
| "REMEDIATION_DEVELOPER", | ||
| "REMEDIATION_REVIEWER", | ||
| "REMEDIATION_VERIFIER", | ||
| "TOOL", | ||
| "SPONSOR", | ||
| "OTHER" | ||
| ] | ||
| } | ||
| }, | ||
| "required": [ | ||
| "name" | ||
| ] | ||
| } | ||
| }, | ||
| "database_specific": { | ||
| "type": "object" | ||
| } | ||
| }, | ||
| "required": [ | ||
| "id", | ||
| "modified" | ||
| ], | ||
| "$defs": { | ||
| "severity": { | ||
| "type": ["array", "null"], | ||
| "items": { | ||
| "type": "object", | ||
| "properties": { | ||
| "type": { | ||
| "type": "string", | ||
| "enum": [ | ||
| "CVSS_V2", | ||
| "CVSS_V3", | ||
| "CVSS_V4" | ||
| ] | ||
| }, | ||
| "score": { | ||
| "type": "string" | ||
| } | ||
| }, | ||
| "required": [ | ||
| "type", | ||
| "score" | ||
| ] | ||
| } | ||
| }, | ||
| "timestamp": { | ||
| "type": "string", | ||
| "format": "date-time", | ||
| "pattern": "[0-9]{4}-[0-9]{2}-[0-9]{2}T[0-9]{2}:[0-9]{2}:[0-9]{2}(\\.[0-9]+)?Z" | ||
| } | ||
| }, | ||
| "additionalProperties": false | ||
| } |
Oops, something went wrong.